package com.jml.security.config;

import com.jml.security.properties.SecurityConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;


public class AbstractChannelSecurityConfig extends WebSecurityConfigurerAdapter {

	/*
	* //配置图形验证码过滤器
		ValidateCodeFilter validateCodeFilter = new ValidateCodeFilter();
		validateCodeFilter.setAuthenticationFailureHandler(jmlAuthenticationFailureHandler);
		validateCodeFilter.setSecurityProperties(securityProperties);
		validateCodeFilter.afterPropertiesSet();
		//配置短信过滤器
		SmsCodeFilter smsCodeFilter = new SmsCodeFilter();
		smsCodeFilter.setAuthenticationFailureHandler(jmlAuthenticationFailureHandler);
		smsCodeFilter.setSecurityProperties(securityProperties);
		smsCodeFilter.afterPropertiesSet();
		//formLogin 表示页面表单登录 httpBasic表示弹窗登录，默认是这个方式
		//authorizeRequests表示这个后面的请求都是需要授权的配置
		http
				.addFilterBefore(smsCodeFilter,UsernamePasswordAuthenticationFilter.class)
				.addFilterBefore(validateCodeFilter,UsernamePasswordAuthenticationFilter.class)
				.formLogin()
					//这个就是登录页面所在的url
					//.loginPage("/jml-signIn.html")
					//这个是登录的请求
					.loginPage("/authentication/require")
					//表明这个路径就是授权验证，会调用UserNamePassword去验证
					.loginProcessingUrl("/authentication/form")
					//表单登录成功会进入自定义处理器
					.successHandler(jmlAuthenticationSuccessHandler)
					//表单登录失败会进入自定义处理器
					.failureHandler(jmlAuthenticationFailureHandler)
					.and()
	* */
	@Autowired
	protected AuthenticationSuccessHandler jmlAuthenticationSuccessHandler;
	
	@Autowired
	protected AuthenticationFailureHandler jmlAuthenticationFailureHandler;
	
	protected void applyPasswordAuthenticationConfig(HttpSecurity http) throws Exception {
		http.formLogin()
			.loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
			.loginProcessingUrl(SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_FORM)
			.successHandler(jmlAuthenticationSuccessHandler)
			.failureHandler(jmlAuthenticationFailureHandler);
	}
}
